| author | job <> | 2023-04-30 16:46:49 +0000 | 
|---|---|---|
| committer | job <> | 2023-04-30 16:46:49 +0000 | 
| commit | f31a437549264c66096a997ee2e4d7b4afecefb1 (patch) | |
| tree | ad7b978bb12f503e60d7814271c73dd39bc8d116 /src/lib/libcrypto/dsa/dsa_ossl.c | |
| parent | b84d7c53fec2427d8d237f4cef51f1aeb76d4cf7 (diff) | |
Revert disablement of the encoding cache

Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_, this can cause reordering, which in turn
invalidates the signature. For example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.

There are probably multiple things we can do here, but they will need
careful consideration and planning.

OK jsing@
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
0 files changed, 0 insertions, 0 deletions
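
The failure the commit message describes can be reproduced with a small model. This is an added example, not code from the commit or from libcrypto. It assumes a hypothetical `DecodedList` whose decoder leaves entries in ascending serial order, uses a simplified entry layout (one-byte serial plus UTCTime), and compares SHA-256 digests as a stand-in for signature verification.

```python
import hashlib

def der(tag, body):
    # Short-form DER length only (body < 128 bytes), enough for this sample.
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def entry(serial, when):
    # SEQUENCE { INTEGER serial, UTCTime revocationDate }, serial in 0..127
    return der(0x30, der(0x02, bytes([serial])) + der(0x17, when.encode()))

def encode_list(entries):
    return der(0x30, b"".join(entry(s, w) for s, w in entries))

def decode_list(raw):
    # Walk the outer SEQUENCE and return [(serial, revocationDate), ...].
    assert raw[0] == 0x30 and raw[1] == len(raw) - 2
    out, i = [], 2
    while i < len(raw):
        body = raw[i + 2:i + 2 + raw[i + 1]]
        assert raw[i] == 0x30 and body[0] == 0x02 and body[1] == 1
        assert body[3] == 0x17
        out.append((body[2], body[5:5 + body[4]].decode()))
        i += 2 + raw[i + 1]
    return out

class DecodedList:
    # Hypothetical model of a decoded structure with an optional encoding cache.
    def __init__(self, raw, keep_cache):
        # Assumption: decoding leaves entries in ascending serial order,
        # modelling the reordering the commit message describes.
        self.entries = sorted(decode_list(raw))
        self.cached = raw if keep_cache else None

    def encode(self):
        # With the cache, the exact bytes that were signed are returned.
        if self.cached is not None:
            return self.cached
        return encode_list(self.entries)

def digest_survives(raw, keep_cache):
    # A signature covers the digest of the signed bytes, so a changed
    # digest after decode -> encode means verification fails.
    again = DecodedList(raw, keep_cache).encode()
    return hashlib.sha256(again).digest() == hashlib.sha256(raw).digest()

# Constructed sample: entries in revocation-date order, not serial order.
BY_DATE = encode_list([(5, "230101000000Z"), (2, "230201000000Z"), (9, "230301000000Z")])
BY_SERIAL = encode_list(sorted(decode_list(BY_DATE)))
```

A list that was already in serial order round-trips unchanged even without the cache, which is why the problem only shows up for some CRLs.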
